Re: Problem with access to OpenLDAP



Hi,

On Friday 30 May 2003 16:48, philippe.broussard@e-qual.fr wrote:
> I want to log in as a user, AdminContacts, and not as the superuser. I
> have defined an ACI about him:
>
>         access to
>          dn="ou=Contacts,dc=e-qual,dc=fr"
>         by
>          dn="cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr"
>         write

You have stated which rights AdminContacts has, but you have not given
the information about which rights the anonymous user has in order to get
authenticated as AdminContacts.

Try:

# restrictive rights to userPassword of all objects
access to       attr=userPassword
        by      dn.exact="cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr"  write
        by      anonymous auth
        by      * none

# write access to AdminContacts below ou=Contacts,dc=e-qual,dc=fr
access to       dn.children="ou=Contacts,dc=e-qual,dc=fr"
        by      dn.exact="cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr"  write
        by      * none

Peter
-- 
Peter Marschall
eMail: peter@adpm.de
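
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, showing why the bind fails with the ACL from the question and succeeds with the two suggested clauses. The helper names are hypothetical, the model assumes these are the only ACLs in the configuration, and it gives the quoted dn= clause its most generous reading (the whole subtree).

```python
# Added illustration: a simplified model of slapd ACL evaluation, not OpenLDAP code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
BASE = "ou=contacts,dc=e-qual,dc=fr"           # DNs kept lower-case for comparison
ADMIN = "cn=admincontacts," + BASE

def subtree(base):                              # entry itself and everything below
    return lambda dn, attr: dn == base or dn.endswith("," + base)

def children(base):                             # dn.children: below base, not base
    return lambda dn, attr: dn.endswith("," + base)

def attr_is(name):                              # attr=<name> on any entry
    return lambda dn, attr: attr.lower() == name.lower()

def who_matches(who, bound_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    return bound_dn == who                      # dn.exact=<who>

def granted(acl, bound_dn, target_dn, attr):
    """Level granted: first matching 'access to' clause, then first matching 'by'."""
    for what, by_list in acl:
        if what(target_dn, attr):
            for who, level in by_list:
                if who_matches(who, bound_dn):
                    return level
            return "none"                       # implicit trailing "by * none"
    return "none"                               # implicit final "access to * by * none"

def allowed(acl, bound_dn, target_dn, attr, needed):
    return LEVELS.index(granted(acl, bound_dn, target_dn, attr)) >= LEVELS.index(needed)

def can_bind(acl, dn):
    # During a simple bind the client is still anonymous and needs "auth"
    # on the userPassword attribute of the entry it binds as.
    return allowed(acl, None, dn, "userPassword", "auth")

# Constructed from the ACL quoted in the question (most generous reading: subtree).
ORIGINAL = [(subtree(BASE), [(ADMIN, "write")])]
# Constructed from the two clauses suggested in the reply.
SUGGESTED = [
    (attr_is("userPassword"), [(ADMIN, "write"), ("anonymous", "auth"), ("*", "none")]),
    (children(BASE), [(ADMIN, "write"), ("*", "none")]),
]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "bind as AdminContacts possible:", can_bind(acl, ADMIN))
```

In this model the anonymous user gets exactly auth on userPassword, so it can authenticate but cannot read or compare the stored value, and dn.children leaves the ou=Contacts entry itself outside AdminContacts' write access.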